#!/usr/bin/perl
# By JSA <jsasys@gmail.com>

use strict;
use warnings;
use Getopt::Std;
use XML::Simple;  # pacman -S perl-xml-simple
use Term::ANSIColor;

### VARIABLES ###
my $xmlfile;
my $pacaudit_version="0.1";
my %soft_list;
my %opts;
#######

#Sub to Inventory installed packages
sub inventory_packages
{
my %hash =();
my $product;
my $version;
my $pacman_cmd="pacman -Qe";
	foreach(`$pacman_cmd`){
	/^(\S+)\s+(\S+)/;
	$product=$1;
        $version=$2;
	my @v=split(/-/,$version);
	$version=$v[0];
	$hash{$product}=$version;
        }
#$hash{"phpmyadmin"}=	"3.0.0";
return %hash;    
}

# Sub to check vulnerability version
sub check_version{
my ($local_version,$vuln_version,$operator) = @_;	

if($local_version=~ /_pl/){
$local_version=~s/_pl//g;
}
if($vuln_version=~ /_pl/){
$vuln_version=~s/_pl//g;
}

if ($operator eq "less")
{
my $l_version = version->new($local_version);
my $v_version = version->new($vuln_version);
	if ($l_version < $v_version){
	return 1;
	}
}
if ($operator eq "match")
{
	if ($local_version=~ m/$vuln_version/)
	{
	return 1;	
	}
}
}
#Sub to start Audit
sub audit {
my ($the_xml) = @_;
my $xml = new XML::Simple (KeyAttr=>[]);
my $product;
my $vuln_state;
my $cout_vuln=0;

# Create a reporting
#my ($seconds,$minute,$hour,$day,$month,$year,$wday,$yday,$isdst) = localtime(time); # for next release
#$year += 1900; # for next release
#$month++; # for next release
#my $thedate = "$year-$month-$day-$hour-$minute-$seconds"; # for next release
#my $report_file="results/pacaudit-".$thedate.".html";  # for next release

my $data = $xml->XMLin($the_xml,forcearray => 1);	
        foreach my $var (@{$data->{vuln}}){
        $product=$var->{product}->[0];
		if (exists($soft_list{$product})) { 
			$vuln_state=&check_version($soft_list{$product},$var->{version}->[0],$var->{operator}->[0]);
			if ($vuln_state == 1){
				print "---------- \n";
				print "x Vulnerability found for : \n\n";
				print "xxx";
				print colored ("$product package",'bold blue on_white');
				print "\n";
				print "xxxxx title: $var->{title}->[0] \n";
				print "xxxxx url: $var->{advisory}->[0] \n";
				print "---------- \n";
				$cout_vuln++;
			}
		}
       }
       if ($cout_vuln == 0 ){
		print colored ("xxx => No Vulnerability found on your system \n",'bold green');}
	else
	{
		print "\n";
		print "**************** \n";
		print "PACAUDIT RESULTS \n";
		print "---------------- \n";
		print colored ("Total: $cout_vuln vuln found on your system \n",'bold red');
		print "---------------- \n";
		#foreach my $id  (@tab){
		#print "$id \n"; 
		#}
	}
}

getopts( "uvh", \%opts );
   if (-e "/etc/pacaudit/pacaudit.xml") {
   $xmlfile="/etc/pacaudit/pacaudit.xml";
   }
   else
   {
   $xmlfile="xml/pacaudit.xml";
   }

if (defined $opts{v})
{
print "Pacaudit version: $pacaudit_version \n";
}
elsif (defined $opts{u})
{
print "Update signatures in progress ...\n";
my $update_url="http://pacaudit.googlecode.com/svn/trunk/xml/pacaudit.xml";
	if (-e '/usr/bin/wget'){
		system("/usr/bin/wget -c ".$update_url." -O ".$xmlfile);
		print "***** \n";
		print "Signatures are now up2date \n";
		print "***** \n\n";
	}
	else{
		print colored ("You must install wget package to update Pacaudit \n",'bold red');}
	}
elsif (defined $opts{h})
{
	print <<HELP;
PACAUDIT ARCHLINUX SCRIPT
V.0.1 http://code.google.com/p/pacaudit/      
          Options :

         -u : Update signatures
         -v : Show Pacaudit version
         -h : Help
HELP
}
else
 {
  print "PACAUDIT started ... \n";	 
  print "  x Softwares Inventory... \n";
  %soft_list=&inventory_packages;
   print "  x Audit Installed Packages... \n\n";
  &audit($xmlfile);
 }
